Microsoft Zero-Days Allow Defender Bypass, Privilege Escalation
Briefly

Microsoft released fixes for a total of 63 bugs in its November 2023 update, including three that threat actors are already actively exploiting and two that were previously disclosed but have not yet been exploited.
From a raw numbers standpoint, Microsoft's November update is considerably smaller than the one in October, which contained fixes for a hefty 112 CVEs. This month's update also included fewer critical vulnerabilities - three - compared with recent months. Microsoft has assessed all but four of the remaining CVEs in its November updates as being of either moderate or important severity.
One of the actively exploited bugs is CVE-2023-36036, a privilege escalation vulnerability in Microsoft's Windows Cloud Files Mini Filter Driver that gives attackers a way to acquire system-level privileges. Microsoft has assessed the vulnerability as being a moderate - or important - severity threat but has provided relatively few other details about the issue. Satnam Narang, senior staff research engineer at Tenable, identified the bug as something that is likely to interest threat actors for post-compromise activity. An attacker requires local access to an affected system to exploit the bug. Exploitation involves little complexity, user interaction, or special privileges.
Read at Dark Reading